Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About alec_stan
alec_stan
Engager
Member since:
03-15-2024
3 weeks ago
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 03-15-2024 |
Activity Feed
- Posted Re: Multi Site Forwarder Architecture on Deployment Architecture. 3 weeks ago
- Posted Re: Multi Site Forwarder Architecture on Deployment Architecture. 3 weeks ago
- Posted Multi Site Forwarder Architecture on Deployment Architecture. 3 weeks ago
- Tagged Multi Site Forwarder Architecture on Deployment Architecture. 3 weeks ago
- Tagged Multi Site Forwarder Architecture on Deployment Architecture. 3 weeks ago
- Tagged Multi Site Forwarder Architecture on Deployment Architecture. 3 weeks ago
- Tagged Multi Site Forwarder Architecture on Deployment Architecture. 3 weeks ago
- Posted Re: Splunk universal forwarder crashes : Crashing thread: parsing on Getting Data In. 10-04-2024 11:50 PM
- Posted Re: Splunk universal forwarder crashes : Crashing thread: parsing on Getting Data In. 10-04-2024 11:51 AM
- Posted Extract timestamp from two json fields on Getting Data In. 03-15-2024 02:43 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
3 weeks ago
Hi @gcusello Thank you for quick response. That means we do not need to do any form of clustering. On our current setup, we have two Intermediate Forwarders and they do not store any copy of the data and no clustering. From what you are saying, we should deploy two new forwarders on the other site, configure all intermediate forwarders to now point to four intermediate forwarders (two on DC1, two on DC2). Thanks again.
... View more
3 weeks ago
Good day Splunkers, We have two site/DCs, where one is production and the other a standby DR. In our current architecture, we have intermediate forwarders that forwards the logs to Splunk Cloud. All universal forwarders send metrics/logs to these intermediate forwarders. We also have a single deployment server. The architecture is as follows: UF -> IF -> SH (Splunk cloud) The intermediate forwarders are Heavy Forwarders, they do some indexing, and some data transformation such as anonymizing data. The search head is on the cloud. We have been asked to move from the current production-DR architectural setup to an multi-site (active-active) setup. The requirement is for both DCs to be active and servicing customers at the same time. What is your recommendation in terms of setting up the forwarding layer? Is it okay to provision two more intermediate forwarders on the other DC and have all universal forwarders send to all intermediate forwarders across the two DCs. Is there a best practice that you can point me towards. Furthermore, do we need more deployment servers. Extra Info: The network team is about to complete network migration to Cisco ACI.
... View more
Labels
10-04-2024
11:50 PM
No, I am using 9.1 and 9.3. However, I am experiencing the same problem on Red Hat 8. I will start a new thread as per your advice.
... View more
10-04-2024
11:51 AM
Hello Did you manage to resolve, I am facing a similar problem with my intermediate forwarders crushing. I have enough memory 16GB
... View more
03-15-2024
02:43 PM
I need to extract timestamp from a JSON log where date and time are on two separate fields. Example below: { "Date": 240315, "EMVFallback": false, "FunctionCode": 80, "Time": 154915 } Date here is equivalent of 2024-March-15 and the time is 15:49:15 pm. I am struggling to find a way to extract timestamp using props.conf. May you please assist.
... View more
Labels
- Labels:
-
field extraction
-
props.conf
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
3 weeks ago
|
